Skip to main content
Skip table of contents

Release note Certificate Manager 8.2

Version: 8.2

Release Date: 2020-04-09

Main new features

Support for MariaDB

Support for creating and hosting CMDB in the MariaDB SQL database server. MariaDB v.10.4 has been verified with this release.

For more information, see Set up MariaDB in Certificate Manager.


Edwards curve keys in certificates

Support for creating CAs with Ed25519 and Ed448 keys.
Support for issuing end-entity certificates with Ed25519, Ed448, X25519 and X448 keys.

For CA keys it is important to verify that the HSM PKCS#11 library provides support for generation and use of Edward keys.


Bulk import of X.509 certificates

The ImportPKI tool as well as CM SDK now supports bulk import of X.509 certificates. Previously only one certificate at the time could be imported. Bulk import enables a higher import rate. A new CM SDK request called 'ImportCertificatesRequest' has been introduced which deprecates 'ImportCertificateRequest'.

For more information, see Certificate Manager (CM) REST API.


Import of X.509 certificates now supported in CM REST API

The CM REST API has a new request endpoint which allows import of externally issued X.509 certificates.

For more information, see Certificate Manager (CM) REST API.


Distribution Point (DP) servlet

The new Distribution Point servlet enables clients to retrieve current CRLs, CILs and CA certificates from a HTTP end-point.


Better PKCS#12 protection support

Nexus Personal Desktop Client now works with P12 files containing keys protected by AES encryption or using SHA-2. Hence it is now possible to use such P12 files as officers in the CM clients. For more information see Nexus Personal Desktop Client.


Build CIL/CRL at specified time of day

A "Build at" field is added to the CIL/CRL procedures in the Administrator's Workbench where the time of day when the CIL/CRL should be built can be specified. See Create CIL procedure in Certificate Manager and Create CRL procedure in Certificate Manager.


Secure transport of keys
Secure end-to-end transport of key pairs from HSM to client device. The device is only required to generate an initial factory key pair and the rest of the required key pairs are generated in a HSM and provided by Certificate Manager together with public key certificates. A CM REST API function is available for the transport. The functionality can be used to generate multiple keys and certificates to be transported in a package to the device in a factory environment, for example.


Updated support for operating systems and SQL servers

For details, see BACKUP - Certificate Manager requirements and interoperability

Changed functionality

Deprecated CM SDK request ImportCertificateRequest

The CM SDK request class 'ImportCertificateRequest' is now deprecated and will be removed in future release of CM. The SDK request class has been replaced by the class 'ImportCertificatesRequest', which supports bulk import.


CM SDK component now requires Java 11

The Java byte code of CM SDK and its dependencies has now been changed to Java 11.

Corrected bugs

CA Certificate renewal

It is now possible to change the 'Signature algorithm' of a CA when renewing the certificate.

Known Problems, Issues and Limitations

See the CM 8.2 Release.txt file for a list of Known Problems, Issues and Limitations.

Contact 

Contact Information

For information regarding support, training and other services in your area, please visit our website at www.nexusgroup.com/

Support

Nexus offers maintenance and support services for Nexus Certificate Manager to customers and partners. For more information, please refer to the Nexus Technical Support at www.nexusgroup.com/support/, or contact your local sales representative.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close